IOC Radar
IPMediumSignal 23/100

121.236.128.56

Location
ChinaChina
Nanjing, JS
ASN
AS140292
Jiangsu Network of ChinaTelecom
First Seen
Apr 11, 2023
Last Seen
Apr 7, 2026
Apr 11
First Seen
1156d ago
Apr 7
Last Seen
64d ago
7
Reports
source reports
23%
Confidence
medium
1/91
VirusTotal
detections
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
23%
Signal Score
23 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

CountryCNChina
RegionNanjing, JS
ASNAS140292
OrganizationJiangsu Network of ChinaTelecom

Feed Intelligence Summary

7 reports23% confidence
7
Source reports
23%
Confidence score
Category tags
active scanactive scanningasiaattackbotnetbotnet activitybrute forcechinacncommand and controlcommunication protocolcowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredecoy systemdionaea honeypotdistributed attacksexploitation activityftp brute forcehoneytrap honeypotidentity & access exploitationindicatorinjection activitylamplamp exploitation attemptsmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork scanningnetwork securitynorth americaphishingphishing attackphishing trappotential malware distributionprocess injectionprotocol exploitationreconnaissanceresearchedresource hijackingsentrypeer botnetsftp attacksip brute forcesip scanningsmtp brute forcesocial engineeringssh attackssh monitoringt1016t1018t1021t1040t1041t1046t1053t1055t1059t1071.001t1078t1110t1110.002t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583t1588t1595t1595.001t1595.002t1595.003telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodeunited statesvoipvoip attack

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This report details a low-risk Indicator of Compromise (IOC) identified as an IPv4 address, 121.236.128.56. With a score of 22.52, this IOC is assessed as having a minor potential impact, primarily indicating general scanning or reconnaissance activity rather than an immediate, direct threat. The presence of this IP address in various threat intelligence feeds, including AbuseIPDB and AlienVault OTX Feeds, primarily suggests it has been observed in broad internet scanning activities. Notably, it…

Threat ScoreLow Risk
23
SIGNAL
Signal Score
23%
Confidence
7
Reports
First seenApr 11, 2023
Last seenApr 7, 2026
GeolocationCN
CountryChina
LocationNanjing, JS
ASNAS140292
OrgJiangsu Network of ChinaTelecom
Coords31.3093, 120.6020

VirusTotal

1/ 91vendors flagged
1% detection rateJun 3, 2026

WHOIS

description
2025-02-13T14:18:54.496Z Honeypot : Dionaea : Source: 121.236.128.56 : Port: 81 Connection: {'transport': 'tcp', 'type': 'accept', 'protocol': 'httpd'}
raw
inetnum: 121.224.0.0 - 121.239.255.255 netname: CHINANET-JS descr: CHINANET jiangsu province network descr: China Telecom descr: A12,Xin-Jie-Kou-Wai Street descr: Beijing 100088 country: CN admin-c: CH93-AP tech-c: CJ186-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-JS mnt-routes: MAINT-CHINANET-JS mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:05:09Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC role: CHINANET JIANGSU address: 260 Zhongyang Road,Nanjing 210037 country: CN phone: +86-25-87799222 e-mail: [email protected] remarks: send anti-spam reports [email protected] remarks: send abuse reports [email protected] remarks: times in GMT+8 remarks: www.jsinfo.net admin-c: CH360-AP tech-c: CS306-AP tech-c: CN142-AP nic-hdl: CJ186-AP notify: [email protected] mnt-by: MAINT-CHINANET-JS last-modified: 2022-08-05T15:34:47Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 2 months ago
Appeared in 7 threat reports